@intent-systems/nexus 2026.1.5-3 → 2026.1.5-5

package/dist/credentials/store.js

@@ -0,0 +1,449 @@
+import { exec, execFile } from "node:child_process";
+import fs from "node:fs";
+import fsp from "node:fs/promises";
+import path from "node:path";
+import { promisify } from "node:util";
+import { resolveCredentialsDir } from "../config/paths.js";
+export { resolveCredentialsDir };
+const execFileAsync = promisify(execFile);
+const execAsync = promisify(exec);
+export function resolveCredentialIndexPath() {
+    return path.join(resolveCredentialsDir(), "index.json");
+}
+export function resolveCredentialPath(service, account, authId) {
+    return path.join(resolveCredentialsDir(), service, "accounts", account, "auth", `${authId}.json`);
+}
+export function readCredentialRecordSync(filePath) {
+    try {
+        const raw = fs.readFileSync(filePath, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object")
+            return null;
+        if (!parsed.type || !parsed.storage)
+            return null;
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+export async function readCredentialRecord(filePath) {
+    try {
+        const raw = await fsp.readFile(filePath, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object")
+            return null;
+        if (!parsed.type || !parsed.storage)
+            return null;
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+export function writeCredentialRecordSync(service, account, authId, record) {
+    const filePath = resolveCredentialPath(service, account, authId);
+    const dir = path.dirname(filePath);
+    fs.mkdirSync(dir, { recursive: true });
+    fs.writeFileSync(filePath, `${JSON.stringify(record, null, 2)}\n`, "utf-8");
+    fs.chmodSync(filePath, 0o600);
+}
+export async function writeCredentialRecord(service, account, authId, record) {
+    const filePath = resolveCredentialPath(service, account, authId);
+    const dir = path.dirname(filePath);
+    await fsp.mkdir(dir, { recursive: true });
+    await fsp.writeFile(filePath, `${JSON.stringify(record, null, 2)}\n`, "utf-8");
+}
+function isDirentDirectory(entry) {
+    return typeof entry !== "string";
+}
+export function listCredentialEntriesSync() {
+    const root = resolveCredentialsDir();
+    if (!fs.existsSync(root))
+        return [];
+    const services = fs.readdirSync(root, { withFileTypes: true });
+    const entries = [];
+    for (const serviceEntry of services) {
+        if (!isDirentDirectory(serviceEntry) || !serviceEntry.isDirectory())
+            continue;
+        const service = serviceEntry.name;
+        const accountsDir = path.join(root, service, "accounts");
+        if (!fs.existsSync(accountsDir))
+            continue;
+        const accounts = fs.readdirSync(accountsDir, { withFileTypes: true });
+        for (const accountEntry of accounts) {
+            if (!isDirentDirectory(accountEntry) || !accountEntry.isDirectory())
+                continue;
+            const account = accountEntry.name;
+            const authDir = path.join(accountsDir, account, "auth");
+            if (!fs.existsSync(authDir))
+                continue;
+            const authFiles = fs.readdirSync(authDir, { withFileTypes: true });
+            for (const authEntry of authFiles) {
+                if (!isDirentDirectory(authEntry) || authEntry.isDirectory())
+                    continue;
+                if (!authEntry.name.endsWith(".json"))
+                    continue;
+                const authId = authEntry.name.replace(/\.json$/, "");
+                const filePath = path.join(authDir, authEntry.name);
+                const record = readCredentialRecordSync(filePath);
+                if (!record)
+                    continue;
+                entries.push({ service, account, authId, filePath, record });
+            }
+        }
+    }
+    return entries;
+}
+export async function listCredentialEntries() {
+    const root = resolveCredentialsDir();
+    if (!fs.existsSync(root))
+        return [];
+    const services = await fsp.readdir(root, { withFileTypes: true });
+    const entries = [];
+    for (const serviceEntry of services) {
+        if (!isDirentDirectory(serviceEntry) || !serviceEntry.isDirectory())
+            continue;
+        const service = serviceEntry.name;
+        const accountsDir = path.join(root, service, "accounts");
+        if (!fs.existsSync(accountsDir))
+            continue;
+        const accounts = await fsp.readdir(accountsDir, { withFileTypes: true });
+        for (const accountEntry of accounts) {
+            if (!isDirentDirectory(accountEntry) || !accountEntry.isDirectory())
+                continue;
+            const account = accountEntry.name;
+            const authDir = path.join(accountsDir, account, "auth");
+            if (!fs.existsSync(authDir))
+                continue;
+            const authFiles = await fsp.readdir(authDir, { withFileTypes: true });
+            for (const authEntry of authFiles) {
+                if (!isDirentDirectory(authEntry) || authEntry.isDirectory())
+                    continue;
+                if (!authEntry.name.endsWith(".json"))
+                    continue;
+                const authId = authEntry.name.replace(/\.json$/, "");
+                const filePath = path.join(authDir, authEntry.name);
+                const record = await readCredentialRecord(filePath);
+                if (!record)
+                    continue;
+                entries.push({ service, account, authId, filePath, record });
+            }
+        }
+    }
+    return entries;
+}
+export function buildCredentialIndex(entries) {
+    const services = {};
+    for (const entry of entries) {
+        const service = services[entry.service] ?? { accounts: [] };
+        const account = service.accounts.find((acc) => acc.id === entry.account);
+        const status = entry.record.lastError
+            ? "broken"
+            : entry.record.lastUsed
+                ? "active"
+                : "ready";
+        if (account) {
+            if (!account.auths.includes(entry.authId))
+                account.auths.push(entry.authId);
+            if (entry.record.lastError) {
+                account.status = "broken";
+                account.lastError = entry.record.lastError;
+            }
+            else if (account.status !== "broken" && entry.record.lastUsed) {
+                account.status = "active";
+                account.lastUsed = entry.record.lastUsed;
+            }
+        }
+        else {
+            service.accounts.push({
+                id: entry.account,
+                owner: entry.record.owner,
+                auths: [entry.authId],
+                status,
+                lastUsed: entry.record.lastUsed,
+                lastError: entry.record.lastError ?? null,
+            });
+        }
+        services[entry.service] = service;
+    }
+    return {
+        version: 1,
+        lastUpdated: new Date().toISOString(),
+        services,
+    };
+}
+export function readCredentialIndexSync() {
+    const indexPath = resolveCredentialIndexPath();
+    try {
+        const raw = fs.readFileSync(indexPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object")
+            return null;
+        if (!parsed.services || typeof parsed.services !== "object")
+            return null;
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+export async function readCredentialIndex() {
+    const indexPath = resolveCredentialIndexPath();
+    try {
+        const raw = await fsp.readFile(indexPath, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== "object")
+            return null;
+        if (!parsed.services || typeof parsed.services !== "object")
+            return null;
+        return parsed;
+    }
+    catch {
+        return null;
+    }
+}
+export function writeCredentialIndexSync(index) {
+    const indexPath = resolveCredentialIndexPath();
+    fs.mkdirSync(path.dirname(indexPath), { recursive: true });
+    fs.writeFileSync(indexPath, `${JSON.stringify(index, null, 2)}\n`, "utf-8");
+}
+export async function writeCredentialIndex(index) {
+    const indexPath = resolveCredentialIndexPath();
+    await fsp.mkdir(path.dirname(indexPath), { recursive: true });
+    await fsp.writeFile(indexPath, `${JSON.stringify(index, null, 2)}\n`, "utf-8");
+}
+export function ensureCredentialIndexSync() {
+    const existing = readCredentialIndexSync();
+    if (existing)
+        return existing;
+    const index = buildCredentialIndex(listCredentialEntriesSync());
+    writeCredentialIndexSync(index);
+    return index;
+}
+function resolveStorageField(storage, field) {
+    if (storage.provider !== "1password")
+        return null;
+    const exact = storage.fields?.[field];
+    if (exact)
+        return exact;
+    if (field === "key")
+        return storage.fields?.apiKey ?? storage.fields?.token ?? null;
+    if (field === "accessToken")
+        return storage.fields?.accessToken ?? storage.fields?.token ?? null;
+    return null;
+}
+async function readRawFromStorage(storage, field) {
+    if (storage.provider === "keychain") {
+        try {
+            const { stdout } = await execFileAsync("security", [
+                "find-generic-password",
+                "-s",
+                storage.service,
+                "-a",
+                storage.account,
+                "-w",
+            ]);
+            const trimmed = stdout.trim();
+            return trimmed ? trimmed : null;
+        }
+        catch {
+            return null;
+        }
+    }
+    if (storage.provider === "env") {
+        const envValue = process.env[storage.var];
+        if (typeof envValue !== "string")
+            return null;
+        const trimmed = envValue.trim();
+        return trimmed ? trimmed : null;
+    }
+    if (storage.provider === "1password") {
+        const fieldName = resolveStorageField(storage, field);
+        if (!fieldName)
+            return null;
+        const itemRef = `op://${storage.vault}/${storage.item}/${fieldName}`;
+        try {
+            const { stdout } = await execFileAsync("op", ["read", itemRef]);
+            const trimmed = stdout.trim();
+            return trimmed ? trimmed : null;
+        }
+        catch {
+            return null;
+        }
+    }
+    if (storage.provider === "external") {
+        try {
+            const command = storage.command ?? storage.syncCommand;
+            if (!command)
+                return null;
+            const { stdout } = await execAsync(command);
+            const trimmed = stdout.trim();
+            return trimmed ? trimmed : null;
+        }
+        catch {
+            return null;
+        }
+    }
+    return null;
+}
+async function readSecretFromStorage(record, field) {
+    const storage = record.storage;
+    const raw = await readRawFromStorage(storage, field);
+    if (!raw)
+        return null;
+    const wantsJson = storage.format === "json" || Boolean(storage.jsonPath);
+    if (!wantsJson)
+        return raw;
+    try {
+        const parsed = JSON.parse(raw);
+        const pathSpec = storage.jsonPath ?? field;
+        const resolved = resolveJsonPath(parsed, pathSpec);
+        if (typeof resolved === "string")
+            return resolved.trim() || null;
+        if (typeof resolved === "number")
+            return String(resolved);
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+function resolveJsonPath(value, pathSpec) {
+    const parts = pathSpec.split(".").filter(Boolean);
+    let current = value;
+    for (const part of parts) {
+        if (!current || typeof current !== "object")
+            return undefined;
+        const match = /^(.+?)\[(\d+)\]$/.exec(part);
+        if (match) {
+            const [, key, indexRaw] = match;
+            const index = Number.parseInt(indexRaw, 10);
+            if (Number.isNaN(index))
+                return undefined;
+            const next = current[key ?? ""];
+            if (!Array.isArray(next))
+                return undefined;
+            current = next[index];
+            continue;
+        }
+        current = current[part];
+    }
+    return current;
+}
+export function resolveDefaultEnvVar(params) {
+    const service = params.service.toLowerCase();
+    const type = params.type;
+    const known = {
+        anthropic: {
+            api_key: "ANTHROPIC_API_KEY",
+            token: "ANTHROPIC_OAUTH_TOKEN",
+            oauth: "ANTHROPIC_OAUTH_TOKEN",
+        },
+        openai: { api_key: "OPENAI_API_KEY" },
+        gemini: { api_key: "GEMINI_API_KEY" },
+        "brave-search": { api_key: "BRAVE_API_KEY" },
+        github: { token: "GITHUB_TOKEN" },
+        "github-copilot": { token: "COPILOT_GITHUB_TOKEN" },
+        discord: { token: "DISCORD_BOT_TOKEN" },
+        slack: { token: "SLACK_BOT_TOKEN" },
+        openrouter: { api_key: "OPENROUTER_API_KEY" },
+        zai: { api_key: "ZAI_API_KEY" },
+        minimax: { api_key: "MINIMAX_API_KEY", token: "MINIMAX_API_KEY" },
+        "openai-codex": { oauth: "NEXUS_OPENAI_CODEX_TOKEN" },
+        "google-antigravity": { oauth: "NEXUS_GOOGLE_ANTIGRAVITY_TOKEN" },
+        chutes: { oauth: "NEXUS_CHUTES_TOKEN" },
+        "nexus-cloud": { token: "NEXUS_CLOUD_TOKEN" },
+        "nexus-hub": { token: "NEXUS_HUB_TOKEN" },
+    };
+    const mapped = known[service]?.[type];
+    if (mapped)
+        return mapped;
+    const suffix = type === "api_key"
+        ? "API_KEY"
+        : type === "oauth"
+            ? "OAUTH_TOKEN"
+            : type === "token"
+                ? "TOKEN"
+                : "CONFIG";
+    const normalized = service.toUpperCase().replace(/[^A-Z0-9]+/g, "_");
+    return `NEXUS_${normalized}_${suffix}`;
+}
+export async function resolveOAuthBundle(record) {
+    if (record.type !== "oauth")
+        return {};
+    const raw = await readRawFromStorage(record.storage, "accessToken");
+    if (!raw)
+        return {};
+    const wantsJson = record.storage.format === "json" || Boolean(record.storage.jsonPath);
+    if (!wantsJson) {
+        return { accessToken: raw, expiresAt: record.expiresAt };
+    }
+    try {
+        const parsed = JSON.parse(raw);
+        if (record.storage.jsonPath) {
+            const access = resolveJsonPath(parsed, record.storage.jsonPath);
+            if (typeof access === "string") {
+                return { accessToken: access };
+            }
+        }
+        const accessToken = typeof parsed.accessToken === "string"
+            ? parsed.accessToken
+            : typeof parsed.access_token === "string"
+                ? parsed.access_token
+                : undefined;
+        const refreshToken = typeof parsed.refreshToken === "string"
+            ? parsed.refreshToken
+            : typeof parsed.refresh_token === "string"
+                ? parsed.refresh_token
+                : undefined;
+        const expiresAt = typeof parsed.expiresAt === "number" || typeof parsed.expiresAt === "string"
+            ? parsed.expiresAt
+            : typeof parsed.expires_at === "number" || typeof parsed.expires_at === "string"
+                ? parsed.expires_at
+                : undefined;
+        return { accessToken, refreshToken, expiresAt };
+    }
+    catch {
+        return {};
+    }
+}
+export async function storeKeychainSecret(params) {
+    try {
+        await execFileAsync("security", [
+            "add-generic-password",
+            "-U",
+            "-s",
+            params.service,
+            "-a",
+            params.account,
+            "-w",
+            params.value,
+        ]);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function resolveCredentialValue(record) {
+    if (record.type === "api_key") {
+        const value = await readSecretFromStorage(record, "key");
+        if (!value)
+            return null;
+        return { value, field: "key" };
+    }
+    if (record.type === "token") {
+        const value = await readSecretFromStorage(record, "token");
+        if (!value)
+            return null;
+        return { value, field: "token" };
+    }
+    if (record.type === "oauth") {
+        const value = await readSecretFromStorage(record, "accessToken");
+        if (!value)
+            return null;
+        return { value, field: "accessToken" };
+    }
+    return null;
+}

package/dist/gateway/server-browser.js

@@ -1,11 +1,12 @@
 export async function startBrowserControlServerIfEnabled() {
-    if (process.env.NEXUS_SKIP_BROWSER_CONTROL_SERVER === "1" ||
-        process.env.NEXUS_SKIP_BROWSER_CONTROL_SERVER === "1")
+    if (process.env.NEXUS_SKIP_BROWSER_CONTROL_SERVER === "1")
         return null;
     // Lazy import: keeps startup fast, but still bundles for the embedded
     // gateway (bun --compile) via the static specifier path.
-    const override = (process.env.NEXUS_BROWSER_CONTROL_MODULE ?? process.env.NEXUS_BROWSER_CONTROL_MODULE)?.trim();
-    const mod = override ? await import(override) : await import("../browser/server.js");
+    const override = process.env.NEXUS_BROWSER_CONTROL_MODULE?.trim();
+    const mod = override
+        ? await import(override)
+        : await import("../browser/server.js");
     await mod.startBrowserControlServerFromConfig();
     return { stop: mod.stopBrowserControlServer };
 }

package/dist/gateway/server-methods/cron.js

@@ -41,9 +41,19 @@ export const cronHandlers = {
     },
     "cron.update": async ({ params, respond, context }) => {
         const normalizedPatch = normalizeCronJobPatch(params?.patch);
-        const candidate = normalizedPatch && typeof params === "object" && params !== null
+        const withPatch = normalizedPatch && typeof params === "object" && params !== null
             ? { ...params, patch: normalizedPatch }
             : params;
+        const candidate = withPatch && typeof withPatch === "object" && withPatch !== null
+            ? (() => {
+                const entry = withPatch;
+                if (!entry.id && entry.jobId) {
+                    const { jobId, ...rest } = entry;
+                    return { ...rest, id: jobId };
+                }
+                return entry;
+            })()
+            : withPatch;
         if (!validateCronUpdateParams(candidate)) {
             respond(false, undefined, errorShape(ErrorCodes.INVALID_REQUEST, `invalid cron.update params: ${formatValidationErrors(validateCronUpdateParams.errors)}`));
             return;

package/dist/gateway/server.js

@@ -2,10 +2,10 @@ import { randomUUID } from "node:crypto";
 import os from "node:os";
 import chalk from "chalk";
 import { WebSocketServer } from "ws";
-import { createSubagentRegistry } from "../agents/subagent-registry.js";
 import { DEFAULT_MODEL, DEFAULT_PROVIDER } from "../agents/defaults.js";
 import { loadModelCatalog, resetModelCatalogCacheForTest, } from "../agents/model-catalog.js";
 import { resolveConfiguredModelRef } from "../agents/model-selection.js";
+import { createSubagentRegistry } from "../agents/subagent-registry.js";
 import { CANVAS_HOST_PATH } from "../canvas-host/a2ui.js";
 import { createCanvasHostHandler, startCanvasHost, } from "../canvas-host/server.js";
 import { createDefaultDeps } from "../cli/deps.js";
@@ -256,7 +256,8 @@ export async function startGatewayServer(port = 18789, opts = {}) {
         allowTailscale,
     };
     let hooksConfig = resolveHooksConfig(cfgAtStart);
-    const canvasHostEnabled = process.env.NEXUS_SKIP_CANVAS_HOST !== "1" && cfgAtStart.canvasHost?.enabled !== false;
+    const canvasHostEnabled = process.env.NEXUS_SKIP_CANVAS_HOST !== "1" &&
+        cfgAtStart.canvasHost?.enabled !== false;
     assertGatewayAuthConfigured(resolvedAuth);
     if (tailscaleMode === "funnel" && authMode !== "password") {
         throw new Error("tailscale funnel requires gateway auth mode=password (set gateway.auth.password or NEXUS_GATEWAY_PASSWORD)");
@@ -464,7 +465,7 @@ export async function startGatewayServer(port = 18789, opts = {}) {
                 return resolveMainSessionKey(cfg);
             return resolveAgentMainSessionKey({ cfg, agentId });
         };
-        const enqueueCronSystemEvent = (text, opts) => {
+        const _enqueueCronSystemEvent = (text, opts) => {
             const sessionKey = resolveCronMainSessionKey(opts?.agentId);
             if (sessionKey) {
                 enqueueSystemEvent(text, { sessionKey });
@@ -586,7 +587,9 @@ export async function startGatewayServer(port = 18789, opts = {}) {
         }
         if (process.env.NEXUS_BRIDGE_PORT !== undefined) {
             const parsed = Number.parseInt(process.env.NEXUS_BRIDGE_PORT, 10);
-            return Number.isFinite(parsed) && parsed > 0 ? parsed : deriveDefaultBridgePort(port);
+            return Number.isFinite(parsed) && parsed > 0
+                ? parsed
+                : deriveDefaultBridgePort(port);
         }
         return deriveDefaultBridgePort(port);
     })();
@@ -1049,7 +1052,9 @@ export async function startGatewayServer(port = 18789, opts = {}) {
                         type: "hello-ok",
                         protocol: PROTOCOL_VERSION,
                         server: {
-                            version: process.env.NEXUS_VERSION ?? process.env.npm_package_version ?? "dev",
+                            version: process.env.NEXUS_VERSION ??
+                                process.env.npm_package_version ??
+                                "dev",
                             commit: process.env.GIT_COMMIT,
                             host: os.hostname(),
                             connId,
@@ -1240,7 +1245,8 @@ export async function startGatewayServer(port = 18789, opts = {}) {
     }
     // Launch configured channels (WhatsApp Web, Discord, Slack, Telegram) so gateway replies via the
     // surface the message came from. Tests can opt out via NEXUS_SKIP_CHANNELS (or legacy _PROVIDERS).
-    const skipChannels = process.env.NEXUS_SKIP_CHANNELS === "1" || process.env.NEXUS_SKIP_PROVIDERS === "1";
+    const skipChannels = process.env.NEXUS_SKIP_CHANNELS === "1" ||
+        process.env.NEXUS_SKIP_PROVIDERS === "1";
     if (!skipChannels) {
         try {
             await startProviders();
@@ -1315,7 +1321,8 @@ export async function startGatewayServer(port = 18789, opts = {}) {
             }
         }
         if (plan.restartProviders.size > 0) {
-            const skipChannelReload = process.env.NEXUS_SKIP_CHANNELS === "1" || process.env.NEXUS_SKIP_PROVIDERS === "1";
+            const skipChannelReload = process.env.NEXUS_SKIP_CHANNELS === "1" ||
+                process.env.NEXUS_SKIP_PROVIDERS === "1";
             if (skipChannelReload) {
                 logChannels.info("skipping channel reload (NEXUS_SKIP_CHANNELS=1)");
             }

package/dist/infra/bonjour.js

@@ -2,7 +2,7 @@ import os from "node:os";
 import { logDebug, logWarn } from "../logger.js";
 import { getLogger } from "../logging.js";
 function isDisabledByEnv() {
-    if (process.env.NEXUS_DISABLE_BONJOUR === "1" || process.env.NEXUS_DISABLE_BONJOUR === "1")
+    if (process.env.NEXUS_DISABLE_BONJOUR === "1")
         return true;
     if (process.env.NODE_ENV === "test")
         return true;

package/dist/infra/event-log.js

@@ -200,7 +200,11 @@ export function recordCliCommandFinish(status = "ok") {
 export function recordCliCommandFailure(error) {
     if (!cliSession?.activeCommand)
         return;
-    const message = error instanceof Error ? error.message : typeof error === "string" ? error : "unknown error";
+    const message = error instanceof Error
+        ? error.message
+        : typeof error === "string"
+            ? error
+            : "unknown error";
     writeEvent({
         id: createEventId(),
         ts: Date.now(),
@@ -227,7 +231,9 @@ export function recordCliSessionEnd(params) {
         invocation_kind: cliSession.invocationKind,
         status: params.status,
         error: params.error,
-        data: params.exitCode !== undefined ? { exit_code: params.exitCode } : undefined,
+        data: params.exitCode !== undefined
+            ? { exit_code: params.exitCode }
+            : undefined,
     });
     cliSession = null;
 }

package/dist/infra/path-env.js

@@ -79,10 +79,9 @@ function candidateBinDirs(opts) {
  * under launchd/minimal environments (and inside the macOS bun bundle).
  */
 export function ensureNexusCliOnPath(opts = {}) {
-    if (process.env.NEXUS_PATH_BOOTSTRAPPED === "1" || process.env.NEXUS_PATH_BOOTSTRAPPED === "1")
+    if (process.env.NEXUS_PATH_BOOTSTRAPPED === "1")
         return;
     process.env.NEXUS_PATH_BOOTSTRAPPED = "1";
-    process.env.NEXUS_PATH_BOOTSTRAPPED = "1"; // keep for backward compat
     const existing = opts.pathEnv ?? process.env.PATH ?? "";
     const prepend = candidateBinDirs(opts);
     if (prepend.length === 0)

package/dist/infra/provider-usage.auth.js

@@ -2,7 +2,7 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { CLAUDE_CLI_PROFILE_ID, ensureAuthProfileStore, listProfilesForProvider, resolveApiKeyForProfile, resolveAuthProfileOrder, } from "../agents/auth-profiles.js";
-import { getCustomProviderApiKey, resolveEnvApiKey } from "../agents/model-auth.js";
+import { getCustomProviderApiKey, resolveEnvApiKey, } from "../agents/model-auth.js";
 import { normalizeProviderId } from "../agents/model-selection.js";
 import { loadConfig } from "../config/config.js";
 function parseGoogleToken(apiKey) {
@@ -53,7 +53,8 @@ function resolveZaiApiKey() {
     }
 }
 function resolveMinimaxApiKey() {
-    const envDirect = process.env.MINIMAX_CODE_PLAN_KEY?.trim() || process.env.MINIMAX_API_KEY?.trim();
+    const envDirect = process.env.MINIMAX_CODE_PLAN_KEY?.trim() ||
+        process.env.MINIMAX_API_KEY?.trim();
     if (envDirect)
         return envDirect;
     const envResolved = resolveEnvApiKey("minimax");
@@ -112,7 +113,8 @@ async function resolveOAuthToken(params) {
             if (!resolved?.apiKey)
                 continue;
             let token = resolved.apiKey;
-            if (params.provider === "google-gemini-cli" || params.provider === "google-antigravity") {
+            if (params.provider === "google-gemini-cli" ||
+                params.provider === "google-antigravity") {
                 const parsed = parseGoogleToken(resolved.apiKey);
                 token = parsed?.token ?? resolved.apiKey;
             }